FIG. 19 is a brief overview of a configuration and processing disclosed in Patent Document 1.
An in-vehicle network system 990 disclosed in Patent Document 1 includes an in-vehicle control device 991, a communication device 992 and an authentication server 993 which communicate with each other over a network 999.
The in-vehicle control device 991 is equipped with a memory for storing data.
The communication device 992 issues a read request or a write request (hereafter, referred to as a processing request) of data to the memory of the in-vehicle control device 991, to the in-vehicle control device 991.
The authentication server 993 is a device to authenticate the communication device 992.
The authentication server 993, prior to the issuance of the processing request by the communication device 992, performs authentication of the communication device 992 and holds an authentication result of the communication device 992.
The in-vehicle control device 991, upon receipt of the processing request from the communication device 992, refers to the authentication server 993 for the authentication result of the communication device 992, and obtains the authentication result of the communication device 992. When the authentication result indicates that the communication device 992 is authenticated, the in-vehicle control device 991 accepts the processing request. When the authentication result indicates that the communication device 992 is not authenticated, the in-vehicle control device 991 rejects the processing request.
Further, the in-vehicle control device 991 checks periodically whether or not a connection is established with the authentication server 993 for communication. When a connection is not established with the authentication server 993 for communication, the in-vehicle device 991 rejects the processing request from the communication device 992.
The in-vehicle network system 990 described above poses problems as follows.
It is required that the authentication server 993 completes authentication of the communication device 992 prior to the issuance of the processing request from the communication device 992. More specifically, authentication processing should be done in advance between the authentication server 993 and the communication device 992. This requires a communication means for communication between the authentication server 993 and the communication device 992.
It is also required that the authentication server 993 holds authentication results.
Consequently, the authentication server 993 and the communication device 992 are required to increase and enhance the processing capacity and functions, and thereby the cost is increased.
Secondly, when a connection is not established between the authentication server 993 and the in-vehicle control device 991 for communication, the processing request from the communication device 992 is rejected. Thus, the processing request of the communication device 992 has to stay rejected while communication is not available between the authentication server 993 and the in-vehicle control device 991.
Also, in case of an authentication server 993 failure, the processing request from the communication device 992 has to stay rejected.
Assume that the authentication server 993 is connected to an external network, for example. If radio interference occurs as a vehicle equipped with the in-vehicle control device 991 is moving through a remote area or a tunnel, communication won't be available with the authentication server 993 via the external network, and the processing request from the communication device 992 will be rejected.
This will reduce system availability, which may cause a vehicle breakdown and eventually an accident.
Thirdly, the authentication processing of the communication device 992 is inseparable from response processing for responding with an authentication result.
This prevents processing from being distributed or multiplexed, and thereby restricting flexibility to improve system availability and processing capacity.